← Back to Guides

Cloud Migration Complete Guide

📖 18 min read | 📅 Updated: January 2025 | 🏷️ DevOps & Cloud

Introduction

Cloud migration is a strategic initiative requiring careful planning. This guide covers the 7 Rs of migration, assessment frameworks, migration strategies, tools, security considerations, and common pitfalls to avoid for successful cloud adoption.

1. Migration Assessment

# Cloud migration assessment framework

## 1. Application Inventory
- List all applications
- Map dependencies
- Identify data stores
- Document integrations
- Current resource usage
- Licensing requirements

## 2. Business Assessment
- Migration goals (cost, agility, scale)
- Timeline and budget
- Risk tolerance
- Compliance requirements
- Stakeholder buy-in

## 3. Technical Assessment
- Architecture complexity
- Technology stack compatibility
- Performance requirements
- Data volume and transfer
- Network bandwidth
- Security and compliance gaps

## 4. Cost Analysis
Current on-premises costs:
- Hardware (servers, storage, network)
- Licenses
- Maintenance
- Power and cooling
- Staffing
- Datacenter space

Projected cloud costs:
- Compute (EC2, VMs)
- Storage (S3, EBS)
- Network (data transfer, VPN)
- Managed services
- Support plans
- Training

# AWS Migration Evaluator
aws migrationhub import-migration-task \
  --cli-input-json file://migration-task.json

# Azure Migrate assessment
az migrate project create \
  --resource-group migration-rg \
  --name my-migration \
  --location eastus

# Google Cloud Migration Center
gcloud migration assessments create my-assessment \
  --location=us-central1

# Discovery tool example
# AWS Application Discovery Service
aws discovery start-data-collection-by-agent-ids \
  --agent-ids agent-1 agent-2

2. The 7 Rs of Migration

# 1. REHOST (Lift and Shift)
# Quickest migration, minimal changes

Strategy:
- Move VM/server as-is to cloud
- Use AWS VM Import, Azure Migrate, Google Cloud Migrate
- Best for: Legacy apps, quick wins

Example:
# AWS VM Import
aws ec2 import-image \
  --disk-containers file://containers.json \
  --description "Migrated production server"

Pros:
+ Fast migration
+ Low risk
+ Minimal code changes

Cons:
- Not cloud-optimized
- Higher costs
- Limited cloud benefits

# 2. REPLATFORM (Lift, Tinker, and Shift)
# Minor optimizations without code changes

Strategy:
- Migrate with small cloud optimizations
- Use RDS instead of self-managed database
- Use ELB instead of on-prem load balancer

Example:
# Convert MySQL to RDS
mysqldump --host=on-prem-db > backup.sql
aws rds create-db-instance \
  --db-instance-identifier myapp-db \
  --engine mysql
mysql --host=rds-endpoint < backup.sql

Pros:
+ Some cloud benefits
+ Faster than rebuild
+ Reduced operational overhead

Cons:
- Still not fully optimized
- Some technical debt remains

# 3. REPURCHASE (Drop and Shop)
# Replace with SaaS

Strategy:
- Move to cloud-native SaaS
- Email server → Office 365/Gmail
- CRM → Salesforce
- ERP → Workday

Example:
- On-prem Exchange → Microsoft 365
- Self-hosted Jenkins → GitHub Actions
- Custom monitoring → Datadog

Pros:
+ Latest features
+ No infrastructure management
+ Predictable costs

Cons:
- Vendor lock-in
- Data migration complexity
- Customization limitations

# 4. REFACTOR (Re-architect)
# Redesign for cloud-native

Strategy:
- Microservices architecture
- Serverless functions
- Managed services
- Containers and orchestration

Example:
# Monolith to microservices
Before: Single EC2 instance
After:
  - API Gateway → Lambda functions
  - RDS for database
  - S3 for static assets
  - CloudFront CDN
  - SQS for async processing

# Containerize application
FROM node:18-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci --production
COPY . .
EXPOSE 3000
CMD ["node", "server.js"]

Pros:
+ Maximum cloud benefits
+ Scalability and resilience
+ Cost optimization
+ Modern architecture

Cons:
- Most expensive upfront
- Longest timeline
- Requires skilled team
- Higher complexity

# 5. RETIRE
# Decommission unused applications

Strategy:
- Identify unused/redundant apps
- Archive data if needed
- Shut down

Benefits:
- Reduced costs
- Simplified portfolio
- Focus on valuable apps

# 6. RETAIN (Revisit)
# Keep on-premises temporarily

Reasons:
- Not ready for migration
- Compliance restrictions
- High risk applications
- Recent major investment

# 7. RELOCATE
# VMware Cloud on AWS, Azure VMware Solution

Strategy:
- Move VMware workloads to cloud
- Minimal changes
- Hybrid cloud approach

3. Migration Strategies

# Phased Migration Approach

## Phase 1: Pilot (1-2 months)
- Select low-risk application
- Migrate to cloud
- Test thoroughly
- Document learnings
- Refine process

## Phase 2: Foundation (2-3 months)
- Set up cloud foundation
  - Landing zones
  - Networking (VPC, VPN, Direct Connect)
  - Identity and access management
  - Security and compliance
  - Monitoring and logging
  - Cost management

# AWS Landing Zone example
resource "aws_organizations_organization" "org" {
  feature_set = "ALL"
}

resource "aws_organizations_organizational_unit" "prod" {
  name      = "Production"
  parent_id = aws_organizations_organization.org.roots[0].id
}

resource "aws_organizations_organizational_unit" "dev" {
  name      = "Development"
  parent_id = aws_organizations_organization.org.roots[0].id
}

## Phase 3: Data Migration (2-4 months)
- Database migration
- File storage migration
- Backup and recovery setup

# Database migration with DMS
aws dms create-replication-instance \
  --replication-instance-identifier my-replication \
  --replication-instance-class dms.t3.medium

aws dms create-endpoint --endpoint-identifier source-db \
  --endpoint-type source --engine-name mysql \
  --server-name on-prem-db.local --port 3306

aws dms create-endpoint --endpoint-identifier target-db \
  --endpoint-type target --engine-name aurora \
  --server-name aurora-cluster.amazonaws.com

aws dms create-replication-task \
  --replication-task-identifier migrate-prod-db \
  --source-endpoint-arn arn:aws:dms:... \
  --target-endpoint-arn arn:aws:dms:... \
  --replication-instance-arn arn:aws:dms:... \
  --migration-type full-load-and-cdc

# S3 data transfer
aws s3 sync /local/data s3://my-bucket/data \
  --storage-class INTELLIGENT_TIERING

# AWS DataSync for large transfers
aws datasync create-location-nfs \
  --server-hostname on-prem-nas.local \
  --subdirectory /data \
  --on-prem-config AgentArns=arn:aws:datasync:...

## Phase 4: Application Migration (3-6 months)
- Migrate applications by priority
- High priority first
- Validate functionality
- Performance testing
- Security testing

## Phase 5: Cutover (1-2 months)
- DNS cutover
- Traffic migration
- Decommission on-prem

# Traffic migration with Route53
resource "aws_route53_record" "app" {
  zone_id = aws_route53_zone.main.zone_id
  name    = "app.example.com"
  type    = "A"
  
  weighted_routing_policy {
    weight = 10  # 10% to cloud, 90% to on-prem
  }
  
  set_identifier = "cloud"
  alias {
    name                   = aws_lb.cloud.dns_name
    zone_id                = aws_lb.cloud.zone_id
    evaluate_target_health = true
  }
}

# Gradually increase weight: 10% → 25% → 50% → 100%

## Phase 6: Optimization (Ongoing)
- Cost optimization
- Performance tuning
- Security hardening
- Automation

4. Data Migration Tools

# AWS Database Migration Service (DMS)
# Supports: Oracle, SQL Server, MySQL, PostgreSQL, MongoDB

aws dms describe-replication-tasks

# Monitor migration
aws dms describe-replication-task-assessment-results \
  --replication-task-arn arn:aws:dms:...

# AWS Application Migration Service (MGN)
# Formerly CloudEndure

aws mgn initialize-service

aws mgn start-replication \
  --source-server-id s-1234567890

# Azure Database Migration Service
az dms project create \
  --resource-group migration-rg \
  --service-name my-dms \
  --name db-migration \
  --source-platform SQL \
  --target-platform AzureSqlDatabase

# Google Database Migration Service
gcloud database-migration migration-jobs create \
  my-migration \
  --source=source-connection \
  --destination=cloudsql-instance \
  --type=CONTINUOUS

# Rclone for file migration
rclone sync /local/files s3:my-bucket \
  --progress \
  --transfers 10 \
  --checkers 20

# Rsync to cloud
rsync -avz --progress /local/data/ \
  user@cloud-instance:/data/

# AWS Snow family for petabyte-scale
# Snowcone (8TB), Snowball (80TB), Snowmobile (100PB)

aws snowball create-job \
  --job-type IMPORT \
  --resources S3Bucket=my-bucket \
  --shipping-option NEXT_DAY

5. Network Architecture

# Hybrid cloud networking

## VPN Connection
# AWS Site-to-Site VPN
resource "aws_vpn_gateway" "main" {
  vpc_id = aws_vpc.main.id
}

resource "aws_customer_gateway" "on_prem" {
  bgp_asn    = 65000
  ip_address = "203.0.113.1"  # On-prem public IP
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "main" {
  vpn_gateway_id      = aws_vpn_gateway.main.id
  customer_gateway_id = aws_customer_gateway.on_prem.id
  type                = "ipsec.1"
  static_routes_only  = false
}

## Direct Connect (Dedicated connection)
resource "aws_dx_connection" "main" {
  name      = "production-dx"
  bandwidth = "10Gbps"
  location  = "EqDC2"  # Equinix DC2
}

resource "aws_dx_gateway" "main" {
  name            = "production-dx-gateway"
  amazon_side_asn = 64512
}

resource "aws_dx_gateway_association" "main" {
  dx_gateway_id         = aws_dx_gateway.main.id
  associated_gateway_id = aws_vpn_gateway.main.id
}

## Azure ExpressRoute
resource "azurerm_express_route_circuit" "main" {
  name                  = "production-expressroute"
  resource_group_name   = azurerm_resource_group.main.name
  location              = "East US"
  service_provider_name = "Equinix"
  peering_location      = "Washington DC"
  bandwidth_in_mbps     = 10000
  
  sku {
    tier   = "Premium"
    family = "MeteredData"
  }
}

## Google Cloud Interconnect
resource "google_compute_interconnect_attachment" "main" {
  name   = "production-interconnect"
  region = "us-central1"
  router = google_compute_router.main.id
  type   = "DEDICATED"
}

6. Security & Compliance

# Security considerations for migration

## Identity and Access Management
# AWS IAM policy for migration team
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:*",
        "rds:*",
        "s3:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:RequestedRegion": "us-east-1"
        }
      }
    }
  ]
}

## Encryption
# Encrypt EBS volumes
resource "aws_ebs_volume" "encrypted" {
  availability_zone = "us-east-1a"
  size              = 100
  encrypted         = true
  kms_key_id        = aws_kms_key.main.arn
}

# S3 bucket encryption
resource "aws_s3_bucket_server_side_encryption_configuration" "main" {
  bucket = aws_s3_bucket.main.id
  
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.main.arn
    }
  }
}

# RDS encryption
resource "aws_db_instance" "encrypted" {
  storage_encrypted = true
  kms_key_id        = aws_kms_key.main.arn
}

## Compliance
# AWS Config rules
resource "aws_config_config_rule" "encrypted_volumes" {
  name = "encrypted-volumes"
  
  source {
    owner             = "AWS"
    source_identifier = "ENCRYPTED_VOLUMES"
  }
}

# Security Hub
aws securityhub enable-security-hub \
  --enable-default-standards

## Network security
# Security group locked down
resource "aws_security_group" "app" {
  vpc_id = aws_vpc.main.id
  
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/8"]  # Only internal
  }
  
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# WAF for web applications
resource "aws_wafv2_web_acl" "main" {
  name  = "production-waf"
  scope = "REGIONAL"
  
  default_action {
    allow {}
  }
  
  rule {
    name     = "RateLimitRule"
    priority = 1
    
    action {
      block {}
    }
    
    statement {
      rate_based_statement {
        limit              = 2000
        aggregate_key_type = "IP"
      }
    }
  }
}

7. Cost Optimization

# Post-migration cost optimization

## Right-sizing instances
# AWS Compute Optimizer recommendations
aws compute-optimizer get-ec2-instance-recommendations

# Resize instances
aws ec2 modify-instance-attribute \
  --instance-id i-1234567890 \
  --instance-type t3.medium

## Reserved Instances & Savings Plans
# 1-year Reserved Instance (40% savings)
aws ec2 purchase-reserved-instances-offering \
  --reserved-instances-offering-id offering-id \
  --instance-count 10

# Compute Savings Plan (up to 66% savings)
aws savingsplans create-savings-plan \
  --savings-plan-offering-id offering-id \
  --commitment 100 \
  --upfront-payment-amount 1000

## Spot Instances
# AWS Spot for dev/test (up to 90% savings)
resource "aws_spot_instance_request" "dev" {
  ami           = "ami-12345"
  instance_type = "t3.large"
  spot_price    = "0.05"
  
  tags = {
    Name = "dev-spot-instance"
  }
}

## Storage optimization
# S3 Intelligent-Tiering
resource "aws_s3_bucket_intelligent_tiering_configuration" "main" {
  bucket = aws_s3_bucket.main.id
  name   = "EntireBucket"
  
  tiering {
    access_tier = "ARCHIVE_ACCESS"
    days        = 90
  }
  
  tiering {
    access_tier = "DEEP_ARCHIVE_ACCESS"
    days        = 180
  }
}

# Lifecycle policies
resource "aws_s3_bucket_lifecycle_configuration" "main" {
  bucket = aws_s3_bucket.main.id
  
  rule {
    id     = "archive-old-data"
    status = "Enabled"
    
    transition {
      days          = 30
      storage_class = "STANDARD_IA"
    }
    
    transition {
      days          = 90
      storage_class = "GLACIER"
    }
  }
}

## Cost monitoring
# AWS Budget
aws budgets create-budget \
  --account-id 123456789012 \
  --budget file://budget.json \
  --notifications-with-subscribers file://notifications.json

# Cost anomaly detection
aws ce create-anomaly-monitor \
  --anomaly-monitor file://monitor.json

# Daily cost reports
aws ce get-cost-and-usage \
  --time-period Start=2024-01-01,End=2024-01-31 \
  --granularity DAILY \
  --metrics UnblendedCost \
  --group-by Type=DIMENSION,Key=SERVICE

8. Common Pitfalls

# Common cloud migration mistakes

❌ 1. No clear business case
✓ Define measurable goals and ROI

❌ 2. Lift and shift everything
✓ Evaluate each application (7 Rs)

❌ 3. Underestimating complexity
✓ Thorough assessment and planning

❌ 4. Ignoring dependencies
✓ Map all application dependencies

❌ 5. Poor network planning
✓ Design hybrid connectivity early

❌ 6. Neglecting security
✓ Security first, compliance validation

❌ 7. No testing strategy
✓ Test thoroughly before cutover

❌ 8. Inadequate training
✓ Train teams on cloud technologies

❌ 9. No cost governance
✓ Implement cost monitoring and controls

❌ 10. Big bang migration
✓ Phased approach with pilots

❌ 11. Forgetting about data egress costs
✓ Understand data transfer pricing

❌ 12. No rollback plan
✓ Always have a rollback strategy

❌ 13. Over-provisioning resources
✓ Start small, scale as needed

❌ 14. Ignoring cloud-native services
✓ Leverage managed services

❌ 15. Poor change management
✓ Communicate with stakeholders

9. Best Practices

✓ Cloud Migration Best Practices:

Conclusion

Cloud migration is a journey requiring careful planning, execution, and optimization. Assess applications thoroughly, choose appropriate migration strategies (7 Rs), implement security and compliance, and optimize costs post-migration. Start with pilots, learn continuously, and iterate toward full cloud adoption.

💡 Pro Tip: Use the AWS Well-Architected Framework, Azure Well-Architected Framework, or Google Cloud Architecture Framework to review your migration architecture. These frameworks cover operational excellence, security, reliability, performance, and cost optimization. Regular reviews ensure you're following cloud best practices throughout your migration journey.